Find and disable specific ModSecurity rules

In this article I'm going to discuss how to find and disable specific ModSecurity rules that might be causing 406 errors on your websites on either your VPS (Virtual Private Server) or dedicated server. The rules that ModSecurity uses can help block potential attack attempts from malicious users, but sometimes it can also block legitimate requests, and knowing how to go in and find what rules are getting triggered and how to disable them can be handy.

This article is going to assume that you already know how to enable a ModSecurity configuration file for your domain which is discussed in my previous article about how to disable ModSecurity for a domain. However when you get to the part talking about using SecRuleEngine Off you won't want to put that in your ModSecurity configuration file. As that completely turns off ModSecurity, in this article we'll discuss using the SecRuleRemoveById setting instead to only disable one specific rule.

In order to follow along with this guide you'll need root access to either your VPS or dedicated server so that you have full access to modify your Apache configuration, and to create the ModSecurity configuration file.

Find ModSecurity rules getting triggered

Following the steps below I'll show you how you can use the Apache error log in order to determine what ModSecurity errors are being triggered on your websites.

Note that when we use >> this is going to append the rule to our ModSecurity configuration file, so we don't overwrite any previous rules we've allowed as well. If you don't already have your ModSecurity configuration file included in your Apache configuration, be sure to follow my guide on how to enable ModSecurity include and create a configuration file which covers this.

It's also important to remember you can't have the SecRuleEngine Off rule still in your ModSecurity configuration file if you're just disabling specific rules, as it will completely turn off ModSecurity.

You should now know how to locate what ModSecurity rules are being triggered, and how to indivdually disable those specific rules to stop triggering 406 ModSecurity errors on your website.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)

The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.

How did you find this article?

Please tell us how we can improve this article:

Email Address

Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Since I can't see your account, I am unable to determine if you have the permission to change the Modsec rule - you would need to have root access. If you're finding that you are unable to make the changes, make sure that the file permissions allow you to change it, if you're still having the problem, then contact our technical support team through email/phone/chat.

The technical support team may need to make the change for you, if you have a hosting account with us.

We have issues when ModSec Rule is enabled and get a 406 error for the User Agent Header. This occures after users pay for items using the SIM payment method and are then re-routed or relayed back to the website. I would like to just disable that rule for the USer Agent Header request. Where can I find that rule number? Also, would enabling Mod_Rewrite in my CMS configuration help at all?

Following Jacob's instructions above should help you identify and disable the specific rule. Mod_rewrite is enabled by default on the servers, but it is enabled by the htaccess file usually as well by calling 'RewriteEngine On'.